With more fintech’s looking to expand their businesses internationally, it can be daunting to navigate varying regulations across borders. This article focuses on regulations in the United States. For those also focused on expanding into the United Kingdom, we have an article covering regulatory aspects to consider which can be found here.
International fintech businesses and startups offering tech-enabled payments, lending, and financial products are looking to bring their services to new markets, including the United States. Launching financial products and services in the United States requires careful consideration of federal laws and regulations in all 50 states and US territories, as well as rules of industry self-regulatory organizations. Here are five key considerations you need to know and plan for before entering the US payment, deposit, or lending market.
Payment services and lending-related businesses are regulated under both federal law and a myriad of state and municipal laws. A particularly difficult barrier to entry is the fact that federal law and the laws of all 50 states (plus certain territories and municipalities) require businesses to register or obtain a license to conduct certain payments- and lending-related activities in each jurisdiction where they do business. These laws also have additional compliance requirements, which vary by state, and may present challenges in adopting a nationwide approach.
For payments-related companies, while variations exist among states, a money transmitter license is generally required if the company either (1) receives and transmits funds to another person or location or (2) sells payment instruments or stored value. Money transmitters may also be required to comply with requirements for segregating and safeguarding customer assets, generating financial statements and reports, and maintaining sufficient liquid assets to satisfy customer liabilities. Under the federal Bank Secrecy Act (BSA), money transmitters are required to register with the Financial Crimes Enforcement Network (FinCEN) and implement a risk-based compliance program to protect the US payments system from being used for money laundering or other criminal activities.
Consumer and commercial lenders, as well as loan brokers and debt collectors, may be subject to a variety of state and federal lending regulations. These laws prescribe specific disclosure requirements and reporting obligations. The federal Truth in Lending Act and the Equal Credit Opportunity Act focus on transparency in consumer credit transactions and equitable access to credit products by requiring consistent economic terms disclosures and prohibiting discrimination based on an applicant’s protected characteristics. State lending statutes focus on protecting state residents against predatory lending practices by requiring lender licenses and limiting the amount of interest and fees a lender can charge. Some states regulate consumer lending only, while others regulate both consumer lending and commercial lending.
The licensing application processes are similar across the board, but businesses must generally wait for a regulator’s approval of the application before they may launch in that jurisdiction. The timing varies among the states, ranging from a couple of weeks to 12 months. Once a company is licensed as a money transmitter or lender, it will be subject to the supervision and examination of the licensing states. Because there is no uniformity among the state laws, a state-by-state analysis to determine to what extent the licensing and substantive requirements apply to a fintech company’s specific activities is always an important first step before entering the US market.
To reduce their obligations to obtain a license in each state, fintech companies frequently find it beneficial to partner with a bank or other company that is already authorized and able to offer the regulated financial service the fintech company would like to offer to its customers. In this partnership arrangement, the regulated activities are undertaken by the bank while the fintech company offers the customer interface, and functions as a service provider to the bank. Chartered banks in the US are generally permitted to conduct money transmission and to make loans without state licenses. A bank is also allowed to charge the highest interest available in the state where it is located on credit it extends to borrowers residing in any state, without regard to the interest and fee limitations in the borrowers’ states, which would otherwise apply to the non-bank fintech companies. See Goodwin Fintech Flash: Interest Exportation FAQs.
Under the bank partnership construct, it is the bank, not the fintech company, that provides the regulated activities. However, as a service provider to the bank, the fintech company is subject to the supervision and audit of the bank and the bank’s regulatory supervisors. Although bank partnerships can substantially reduce fintech companies’ licensing and compliance obligations, the parties may still need ample time to negotiate a partnership agreement and to determine how they will meet their remaining compliance obligations. Fintech companies desiring to offer financial products and services through a bank partnership should engage experienced counsel to identify the appropriate bank partners and guide the negotiation process. See Goodwin Fintech Flash: Fintech-Bank Lending Partnerships: 8 Key Issues.
In the US, only banks are typically eligible to be members of the Visa and Mastercard networks. And only members of a network can issue credit or debit cards on that network. As such, fintech companies desiring to engage in card business in the US need to partner with a member bank for issuing fintech-branded cards.
In the payment processing business, only an acquiring bank that is a member of the network may settle proceeds of card transactions on behalf of merchants who accept cards. Although a fintech company may offer services to card issuers, acquiring banks, and merchants to facilitate these transactions, funds processed through the relevant card network must be initially acquired and settled by the acquiring bank. Similar considerations exist for processing transactions through the Automated Clearing House (ACH) and other real-time-payment and wire transfer systems.
Although a fintech company has to rely on a bank to access the payment networks, fintech companies may nonetheless manage many aspects of the process, such as designing and managing card programs, acting as a payment facilitator or marketplace, providing the customer interface and communications, and transmitting funds from the acquiring bank to merchants (provided the fintech company has the necessary money transmitter licenses).
Funds deposited in a US bank that is a member of the Federal Deposit Insurance Corporation (FDIC) are insured up to the coverage limit, which is currently set at $250,000 per depositor, per insured bank, for each account ownership category. Deposits in a bank in excess of that coverage limit are subject to loss in the case of bank failure.
In March 2023, Silicon Valley Bank in California and Signature Bank in New York, which served a technology clientele, were closed by their respective state banking regulators and entered into FDIC receivership. The FDIC announced that it would step in to protect depositors from losses in these two cases, but the FDIC is not required to do so in the future, and the series of events highlighted the risks fintech companies should plan for when creating banking relationships. For example, banking operation disruption could cause uncertainty and delay in certain payment processing services, loss of uninsured deposits and prepaid card balances, and the inability to accept payments from customers. Having relationships with more than one bank and participating in a deposit “sweep” program, in which deposits will be swept to other FDIC-insured banks to maximize return and FDIC insurance, may help mitigate these risks.
Regulation of cryptocurrency activities in the US is ever-changing and tightening. The issuance, exchange, and custody of cryptocurrency are all subject to regulatory scrutiny by multiple regulators including the Securities and Exchange Commission (SEC), FinCEN, and various state and municipal financial services regulators, among others. Cryptocurrency may be regulated as a security by the SEC. FinCEN has also taken the position that certain cryptocurrency activities are money transmission, subject to the BSA. Likewise, many states have taken the same position as FinCEN and required cryptocurrency companies to obtain money transmitter licenses. An increasing number of states have introduced cryptocurrency-specific regulations, such as the New York Virtual Currency Regulation, that would require a cryptocurrency service provider to obtain additional “bitlicenses” and comply with additional laws. That being said, whether a fintech company engaged in cryptocurrency activities should be licensed in any state depends on whether the business model encompasses one or more of the licensable activities under the relevant laws and regulations. The proposed business activity and flow of funds should be carefully reviewed and analyzed to make that determination.
Federal and state banking regulators have increasingly scrutinized banks’ relationships with cryptocurrency companies. As a result, cryptocurrency companies may find it more difficult to open bank accounts and enter into partnership agreement with banks. On January 2, 2023, the US federal banking agencies issued a joint statement discussing the risk of cryptocurrency to US banking organizations. This statement was interpreted by many as a stark warning to banks that their activities involving cryptocurrency would be scrutinized by the bank’s regulator and that new business lines involving cryptocurrency activities may face high hurdles for approval by the regulator. After the fallout of Silicon Valley Bank and Signature Bank, banks may further distance themselves from cryptocurrency businesses, which are thought to be volatile and are more likely than traditional firms to have frequent and large deposit withdrawals.
Therefore, under the current regulatory environment, establishing a banking relationship may require a bit more patience and flexibility.
To discuss the contents of this alert, please contact the authors or your usual Goodwin contact.
Goodwin’s Fintech group strategically leverages its regulatory, transactional, and litigation and enforcement practices to provide full-service support in every vertical of fintech and financial services, including: lending, payments, alternative finance, deposits, brokerage and wealth management, digital currency and blockchain, insurance and insurtech, and transactions, including bank partnerships and deal due diligence.
Kimberly Monty HolzelPartner
Ximeng (Sammy) TangAssociate